[sanesecurity] Re: Monitor Sanesecurity updates

  • From: polloxx <polloxx@xxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Thu, 19 Mar 2015 16:33:05 +0100

I wrote a little bash script to check when Sanesecurity was updated:


#!/bin/bash

# Sanesecurity signature files to watch (under /var/lib/clamav)
declare -a names_arr=("blurl.ndb" "jurlbla.ndb" "jurlbl.ndb" "spearl.ndb"
"spear.ndb" "bofhland_cracked_URL.ndb" "phishtank.ndb" "porcupine.ndb"
"scamnailer.ndb" "phish.ndb" "bofhland_malware_URL.ndb"
"bofhland_cracked_URL.ndb" "bofhland_phishing_URL.ndb" "rogue.hdb"
"winnow_phish_complete_url.ndb")

age1=0
age2=9999999    # smallest age seen so far, in seconds

for i in "${names_arr[@]}"
do
        # %Z = time of last status change, in seconds since the epoch
        OLD=`stat -c %Z /var/lib/clamav/"$i"`; NOW=`date +%s`
        age1=$((NOW-OLD))
        if [ "$age1" -lt "$age2" ];
        then
                age2="$age1"
        fi
done

# age in seconds of the most recently changed file
echo $age2

This script checks for the age of 15 fast changing virus definition files
and returns the youngest change in seconds.
This value can be used by your favorite monitoring system to fire a trigger
when this value exceeds a given value.

Comments are welcome.

On Wed, Mar 11, 2015 at 6:15 PM, Benny Pedersen <me@xxxxxxx> wrote:

> polloxx wrote on 2015-03-11 17:19:
>
>> A while ago I wrote a bash script to run in conjunction with our
>> Zabbix monitoring system to monitor freshclam. If there's no freshclam
>> for, let's say, 48h the admins receive a warning about it. Has anyone
>> ever written a similar script to monitor Sanesecurity updates?
>>
>
> not needed if freshclam was more supported, well bash is nice with pgp as
> a workaround for not having it ready yet as a 3rd party signature, problem in
> freshclam is that if you add urls to fetch databases it could not be
> verified if it was pgp signed sigs, that's why freshclam is not yet
> supported, or even scripted updates :(
>
> well i know rsync can diff download, but can curl ?
>
> imho freshclam do a better job if sanesecurity was supported now there
>
> sigtool does not yet create valid database files, or even cdiff's, hope it
> comes in a near future
>
>
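
Added example, not part of the original post: a variant of the freshness check that a monitoring system can call directly, returning a status code instead of a bare number and skipping signature files that are missing rather than failing on them. The function names and the exit codes (the common monitoring-plugin convention) are assumptions, and it reads mtime (%Y) where the posted script reads ctime (%Z).

```shell
#!/bin/bash
# Added example; function names and exit codes are assumptions.
# Uses GNU stat. Reads mtime (%Y); the posted script reads ctime (%Z).

# youngest_age DIR FILE...
# Prints the age in seconds of the most recently modified FILE in DIR.
# Missing files are reported on stderr and skipped.
# Returns 3 if none of the files exists.
youngest_age() {
    local dir=$1; shift
    local f now mtime age best=""
    now=$(date +%s)
    for f in "$@"; do
        if ! mtime=$(stat -c %Y -- "$dir/$f" 2>/dev/null); then
            echo "missing: $dir/$f" >&2
            continue
        fi
        age=$((now - mtime))
        if [ -z "$best" ] || [ "$age" -lt "$best" ]; then
            best=$age
        fi
    done
    [ -n "$best" ] || return 3
    echo "$best"
}

# check_freshness MAX_AGE DIR FILE...
# Returns 0 (OK), 2 (CRITICAL: newest update older than MAX_AGE seconds)
# or 3 (UNKNOWN: no signature file found at all).
check_freshness() {
    local max=$1; shift
    local age
    if ! age=$(youngest_age "$@"); then
        echo "UNKNOWN: no signature files found"
        return 3
    fi
    if [ "$age" -gt "$max" ]; then
        echo "CRITICAL: newest update ${age}s ago (limit ${max}s)"
        return 2
    fi
    echo "OK: newest update ${age}s ago"
}

# Usage, with the 48h limit mentioned in the thread:
#   check_freshness 172800 /var/lib/clamav phish.ndb rogue.hdb
```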
